Under the CIS Controls (Center for Internet Security), Control 1 is 'Inventory and Control of Enterprise Assets'. Why is this considered the foundational control?

Answer options:

It is the easiest to implement.

You cannot secure what you do not know you have.

It is required by the IRS.

It prevents malware execution.

How to approach this question

Logic: Step 1 of protecting a house is knowing where the doors and windows are.

Full Answer

B.You cannot secure what you do not know you have.✓ Correct

CIS Control 1 emphasizes that attackers scan for unprotected assets. If an organization does not have an accurate inventory, they cannot apply security controls (patching, configuration) to those 'shadow' assets.

Common mistakes

Thinking antivirus (Control 10) is first.

Question 40 All questions Question 42

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →